To test OCSP you need three things: The issuer certificate, the certificate you’d like to check and the path to the OCSP. All this information seems to be slightly redundant, as the certificate itself already contains the information about the OCSP URL and most of the time also the path to the issuer certificate. It would be very nice if openssl would read all this information from the certificate itself, nevertheless you need this three things to do some basic checks.
Get the required information from the AIA and download the issuer certificate:

Then you URL encode that file – you might use some free online decoder like http://meyerweb.com/eric/tools/dencoder/ – but here you have to remove the line breaks in advance. Or you do it directly at the shell

Why all this effort, when openssl might do this on it’s own?
Just because openssl won’t work too well in an envrionment where a proxy is required.
The –proxy option seems only to work starting with version openssl 1.1

Most distributions contain only an old version of openssl. If you need a newer version for your scripts, ther often is no other way than compiling it from source. Here I’ll show you, how to do it. And don’t be afraid, it’s super easy! The latest version is a 1.1 development version.
There are only a few prerequisits: You need the packets make and gcc. First you download the source from github and unpack it:

I’ve already asked that question at Stackoverflow but it seems there is not a simple answer about that, or maybe just nobody ever thought about that before!
From what I found out earlier in „wget isn’t checking CRLs“, I see there is no need to verify the CRL with SHA2, because this simply won’t happen.
My best guess about that question is, that it simply depends on the used openssl version. There is some evidence – my wget here is linked against the openssl library. You might check for yourself with

Check about the current certificate, like mine here at https://www.höllrigl.at -> you’ll see a certificate from „StartCom Class 1 Primary Intermediate Server CA“ CA and a CRL at http://crl.startssl.com/crt1-crl.crl

Now I’d like to show to you the dumped packages in tcpdump – but there are none.
Other strong indicators are, that there only started to be a ‚–crl-file=file‘ option to wget starting with 1.16, which allows you to check your certificate against a locally stored CRL file.